Executing a remote control command to activate one or more peripheral of a mobile device in a peripheral control domain
Abstract
In certain embodiments, virtualization mechanisms used to defend against spying can also be used by attackers as a means to execute spying attacks more effectively. In certain embodiments, attack methods may use the virtualization mechanisms to surreptitiously activate input peripherals without the user's knowledge or authorization. In certain embodiments, a virtualized network interface may be employed in which all network traffic transiting a portable wireless system is routed through a remote control component within a peripheral control domain. The remote control component may be used by an attacker to communicate remotely with the portable device to send it peripheral activation commands. The remote control component can then activate peripherals via the peripheral access module without the user's or general-purpose operating system's knowledge or authorization. All other network traffic may be passed through as normal and expected to the general-purpose operating system.
Claims
We claim:
1. A method of gaining remote access to one or more of a mobile device's peripherals, comprising:
receiving data at the mobile device;
wherein the mobile device comprising:
at least one portable operating system domain;
a peripheral control domain comprising: a peripheral access policy module, a remote control component, and a physical peripheral access module;
a machine virtualization module that isolates the at least one portable operating system domain from the peripheral control domain; and
an I/O virtualization mechanism interposed between the at least one portable operating system domain and the peripheral control domain;
determining by the remote control component of the peripheral control domain whether the data received comprises a remote control command to activate the one or more of the mobile device's peripherals; and
performing a selected one of:
executing the remote control command via the physical peripheral access module without forwarding the remote control command to the operating system domain if the data comprises the remote control command to activate the one or more of the mobile device's peripherals; or
passing the data to the at least one portable operating system domain via the I/O virtualization mechanism if the data does not comprise the remote control command.
2. The method of claim 1, wherein the peripheral control domain comprises:
a physical peripheral control module; and
a policy component for deciding how to handle input peripheral requests originating from the at least one portable operating system.
3. The method of claim 1, wherein the machine virtualization module comprises a Type-1 hypervisor.
4. The method of claim 1, wherein the machine virtualization module comprises a Type-2 hypervisor.
5. The method of claim 1, wherein the machine virtualization module utilizes ARM TrustZone.
6. The method of claim 1, wherein the machine virtualization module comprises one of a microkernel and a separation kernel.
7. The method of claim 2, wherein the machine virtualization module comprises a Type-1 hypervisor.
8. The method of claim 2, wherein the machine virtualization module comprises a Type-2 hypervisor.
9. The method of claim 2, wherein the machine virtualization module utilizes ARM TrustZone.
10. The method of claim 2, wherein the machine virtualization module comprises one of a microkernel and a separation kernel.
11. The method of claim 1, further comprising:
providing one or more alternative virtualized controls that mimic one or more operating system peripheral controls for interfacing to the at least one portable operating system.
12. The method of claim 1, further comprising:
transferring at least one control request and at least one response via a logical communications interface between the at least one portable operating system domain and the peripheral control domain.
13. The method of claim 1, further comprising:
detecting an attempt to access at least one or more of a mobile device's peripherals; and
transferring control of the at least one or more of a mobile device's peripherals to said peripheral control domain.
14. A method of gaining remote access to one or more of a mobile device peripherals, comprising:
installing a peripheral control domain comprising: a peripheral access policy module, a remote control component, and a physical peripheral access module on a mobile device having at least one operating system domain;
installing a machine virtualization module on the mobile device that isolates the operating system domain from the peripheral control domain; and
installing an I/O virtualization mechanism on the mobile device, wherein the I/O virtualization mechanism is interposed between the operating system domain and the peripheral control domain;
receiving data at the mobile device;
determining by the remote control component of the peripheral control domain whether the data received comprises a remote control command to activate the one or more of the mobile device peripherals; and
performing a selected one of:
executing the remote control command via the physical peripheral access module without forwarding the remote control command to the operating system domain if the data comprises a remote control command to activate the one or more of the mobile device peripherals; or
passing the data to the at least one portable operating system domain via the I/O virtualization mechanism if the data does not comprise the remote control command.
15. The method of claim 14, wherein the peripheral control domain comprises:
a physical peripheral control module; and
a policy module for deciding how to handle input peripheral requests originating from the operating system.
16. The method of claim 14, wherein the machine virtualization module comprises a Type-1 hypervisor.
17. The method of claim 14, wherein the machine virtualization module comprises a Type-2 hypervisor.
18. The method of claim 14, wherein the machine virtualization module utilizes ARM TrustZone.
19. The method of claim 14, wherein the machine virtualization module comprises one of a microkernel and a separation kernel.
20. The method of claim 14, wherein the machine virtualization module comprises a Type-1 hypervisor.
21. The method of claim 15, wherein the machine virtualization module comprises a Type-2 hypervisor.
22. The method of claim 15, wherein the machine virtualization module utilizes ARM TrustZone.
23. The method of claim 15, wherein the machine virtualization module comprises one of a microkernel and a separation kernel.